27 lines
1.4 KiB
Bash
Executable File
27 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
reverse_fqdn_cert_id="${1:?}"
|
|
|
|
# Prep dirs
|
|
mkdir -v -p '/etc/pki/tls/certs/quico-ops/user/'{'nginx','znc'}'/'"${reverse_fqdn_cert_id}"
|
|
chown -v -R 'znc:znc' '/etc/pki/tls/certs/quico-ops/user/znc'
|
|
chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/znc'
|
|
chown -v -R 'nginx:nginx' '/etc/pki/tls/certs/quico-ops/user/nginx'
|
|
chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/nginx'
|
|
|
|
# Prep ZNC
|
|
rsync -av '/etc/pki/tls/certs/quico-ops/system/'"${reverse_fqdn_cert_id}"'/' '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/'
|
|
cat '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/'{''"${reverse_fqdn_cert_id}"'.key','fullchain.cer'} > '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/znc.pem'
|
|
chown -v -R 'znc:znc' '/etc/pki/tls/certs/quico-ops/user/znc'
|
|
chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/znc'
|
|
|
|
# Prep Nginx
|
|
rsync -av '/etc/pki/tls/certs/quico-ops/system/'"${reverse_fqdn_cert_id}"'/' '/etc/pki/tls/certs/quico-ops/user/nginx/'"${reverse_fqdn_cert_id}"'/'
|
|
chown -v -R 'nginx:nginx' '/etc/pki/tls/certs/quico-ops/user/nginx'
|
|
chmod -v -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/nginx'
|
|
|
|
# Reload Nginx if active. ZNC on the other hand always delivers newest cert.
|
|
# We don't have to care if ZNC is running.
|
|
if systemctl --quiet is-active nginx.service; then
|
|
nginx -t && nginx -s reload
|
|
fi
|